A vulnerability was found in libvorbis upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. Upstream issue: https://gitlab.xiph.org/xiph/vorbis/issues/2328 Upstream fix: https://github.com/xiph/vorbis/commit/10064bfdd51f7c59 Bug introduced in: https://github.com/xiph/vorbis/commit/4b67376da7de
Created libvorbis tracking bugs for this issue: Affects: fedora-all [bug 1480650] Created mingw-libvorbis tracking bugs for this issue: Affects: epel-7 [bug 1480649] Affects: fedora-all [bug 1480648]